Names, photos, and Social Security numbers of 32,000 students and staff were compromised because of a hacker attack on the University's main ID server.

Information Source:
Dataloss DB

records from this breach used in our total:
32,000

January 18, 2005

University of California, San DiegoSan Diego, California

EDU

HACK

3,500

A hacker breached the security of two University computers that stored the Social Security numbers and names of students and alumni of UCSD Extension.

Information Source:
Dataloss DB

records from this breach used in our total:
3,500

January 22, 2005

University of Northern ColoradoGreeley, Colorado

EDU

PORT

15,790 (15,790 employees and an unknown number of employee beneficiaries)

A hard drive was lost or stolen. It contained information on current and former University
employees and their beneficiaries and dates back to April of 1997. Names, dates of birth, SSNs, addresses,
bank account numbers and routing numbers may have been accessed.

Information Source:
Dataloss DB

records from this breach used in our total:
15,790

February 12, 2005

Science Applications International Corp. (SAIC)San Diego, California

BSO

STAT

45,000 employees

On January 25 thieves broke
into a SAIC facility and stole computers containing personal information of past and current employees. Stolen information
included names, Social Security numbers, addresses, phone numbers and records of financial
transactions.

Information Source:
Dataloss DB

records from this breach used in our total:
45,000

February 15, 2005

ChoicePointAlpharetta, Georgia

BSO

INSD

163,000

Fraudsters who presented themselves as legitimate ChoicePoint customers purchased data profiles from ChoicePoint on individuals and used that data to commit identity theft. The initial number of affected records was estimated at 145,000
but was later revised to 163,000.

UPDATE(1/26/06):
ChoicePoint settled with the Federal
Trade Commission for $10 million in civil penalties and $5
million for consumer redress.

UPDATE (12/06/06):
The FTC
announced that victims of identity theft as a result of the
data breach who had out-of-pocket expenses can now be reimbursed.
The claims deadline is Feb. 4, 2007.

UPDATE (06/24/07):
Starting Dec. 2006, the FTC began mailing claims forms to victims
of the breach. Its Web
site provides information about the claims process. Deadline
is Aug. 18, 2007. Victims can be reimbursed for out-of-pocket
expenses resulting from identity theft connected to the breach.
Call (888) 884-8772, or email cpredress@ftc.gov.

UPDATE (11/04/07):
Since its 2005 data security incident, ChoicePoint has implemented
enhancements to its privacy and information security framework
including the establishment of an Office of Privacy, Ethics and
Compliance to reinforce the responsible use and protection of
information at ChoicePoint through policies and procedures, audit
and compliance, and outreach and education. Visit www.privacyatchoicepoint.com.

UPDATE (1/27/08):
Has agreed to pay $10 million to settle a class action lawsuit

Information Source:
Security Breach Letter

records from this breach used in our total:
163,000

February 18, 2005

University of Chicago HospitalChicago, Illinois

MED

INSD

85

The FBI launched an investigation into possible fraud by at least one hospital employee. As many as 85 patients may have been affected. The hospital contacted all affected patients.

Information Source:
Dataloss DB

records from this breach used in our total:
85

February 25, 2005

Bank of America Corp.Charlotte, North Carolina

BSF

PORT

1,200,000

Computer tapes with credit card information, Social Security numbers, addresses and account numbers were lost. Bank of America began monitoring the customer accounts on the lost tapes and said it would contact cardholders if unusual activity was detected. Around 900,000 of the account holders affected were Defense Department employees.

Information Source:
Dataloss DB

records from this breach used in our total:
1,200,000

February 25, 2005

PayMaxxMiramar, Florida

BSF

DISC

100,000

A software glitch at PayMaxx Inc., a Franklin, Tenn., payroll
processing company, accidentally revealed personal financial
information on as many as 100,000 individuals, including Social Security numbers. The problem arose in a PayMaxx feature that enabled employees to use the
Internet to get their W-2 forms, the standard tax information form
issued by companies to their employees.

Information Source:
Dataloss DB

records from this breach used in our total:
100,000

March 8, 2005

DSW Shoe Warehouse, Retail VenturesColumbus, Ohio

BSR

HACK

1,400,000

Credit card information from customers in 25 states was compromised.

UPDATE (04/19/2005): An additional
1,300,000 customers were added to the initial estimate of 100,000.

UPDATE (08/23/2012): DSW was locked in a dispute with National Union over insurance coverage. A federal appellate court ruled that DSW was entitled to insurance coverage of more than $6.8 million in stipulated losses and prejudgment interest.

Information Source:
Dataloss DB

records from this breach used in our total:
1,400,000

March 10, 2005

LexisNexisDayton, Ohio

BSO

INSD

310000

Unauthorized individuals used IDs and passwords of legitimate
customers to obtain consumers' Social Security numbers, driver's license
numbers, and names and addresses.
Most of the breaches were at the company's subsidiary
Seisint Inc., based in Florida.

UPDATE (4/12/05) An internal investigation at LexisNexis has uncovered evidence that an additional 280,000 records may have been involved in this breach, increasing the total from 30,000 to 310,000.

UPDATE
(06/30/06): Five men were arrested in connection with this
breach.

Information Source:
Dataloss DB

records from this breach used in our total:
310,000

March 11, 2005

University of California, BerkeleyBerkeley, California

EDU

PORT

98,400

A laptop containing the Social Security numbers of doctoral degree recipients from 1976 to 1999, graduate students enrolled between 1989 and 2003, and graduate school applicants between fall 2001 and spring of 2004 was stolen. Birth dates and addresses for about one-third of the affected people were also on the laptop.

Information Source:
Dataloss DB

records from this breach used in our total:
98,369

March 11, 2005

Kaiser PermanenteOakland, California

MED

DISC

140

A disgruntled employee
posted information on her blog noting that Kaiser Permanente included
private patient information on systems diagrams posted on the Web.

A hacker gained access to a phone banking database that included alumni addresses and Social Security numbers.

Information Source:
Dataloss DB

records from this breach used in our total:
120,000

March 12, 2005

Las Vegas Department of Motor Vehicles (LV DMV)Las Vegas, Nevada

GOV

STAT

8,900

A computer and holographic
laminate materials were stolen from the Donovan office of the DMV in
North Las Vegas.

UPDATE. The equipment was
recovered on June 1.

Information Source:
Dataloss DB

records from this breach used in our total:
8,900

March 16, 2005

California State University, ChicoChico, California

EDU

HACK

59,000

A university housing and food service computer server containing names and Social Security numbers of faculty, staff, students, former students, and prospective students was hacked.

Information Source:
Dataloss DB

records from this breach used in our total:
59,000

March 20, 2005

Northwestern UniversityEvanston, Illinois

EDU

HACK

17,500

Hackers gained access to multiple computers and gathered user ID and password information from the University's network. The personal information for around 500 faculty members, 2000 staff members, and 14,000 alumni was compromised.

Information Source:
Media

records from this breach used in our total:
17,500

March 20, 2005

University of Nevada, Las VegasLas Vegas, Nevada

EDU

HACK

5,000

A hacker was caught accessing the University's server and may have gotten information from the Student Exchange and Visitor Information System (SEVIS).

Information Source:
Dataloss DB

records from this breach used in our total:
5,000

March 25, 2005

Purdue UniversityWest Lafayette, Indiana

EDU

HACK

1,200 (not included in total because news stories are not clear if SSNs or financial information were exposed)

Computers in the College of Liberal Arts' Theater Dept. were hacked, exposing personal information of employees, students, graduates, and business affiliates.

Information Source:
Dataloss DB

records from this breach used in our total:
0

April 5, 2005

MCIColorado Springs, Colorado

BSO

PORT

16,500

A laptop containing names and Social Security numbers of current and
former employees was stolen from the car trunk of an MCI financial
analyst. An MCI spokesperson stated that MCI would continue its policy
of allowing laptops to be taken home by employees and will evaluate new
security technologies.

Information Source:
Dataloss DB

records from this breach used in our total:
16,500

April 5, 2005

University of California, DavisDavis, California

EDU

HACK

1,100

The names and Social Security
numbers of students, faculty, visiting speakers and staff may have
been compromised when a hacker accessed a main computer.

Information Source:
Dataloss DB

records from this breach used in our total:
1,100

April 6, 2005

University of California, San Francisco (UCSF)San Francisco, California

EDU

HACK

7,000

A server in the accounting
and personnel departments was hacked. It contained information on
7,000 students, faculty, and staff members. The affected individuals
were notified March 23.

Information Source:
Dataloss DB

records from this breach used in our total:
7,000

April 8, 2005

Eastern NationalFt. Washington, Pennsylvania

NGO

HACK

15,000

A hacker gained access to a server containing the names, credit card information, and billing addresses of 15,000 customers. Letters were mailed to all customers who bought products through the educational website for national parks.

Information Source:
Dataloss DB

records from this breach used in our total:
15,000

April 8, 2005

San Jose Medical GroupSan Jose, California

MED

STAT

187,000

UPDATE(10/10/07):
A former branch manager at the San Jose Medical Group has been sentenced
to almost two years in prison for stealing medical records for about
187,000 patients. The accused pleaded guilty in May to one count
of health care-related theft after he stole computer equipment from
his former employer, including a DVD that contained patients' names,
Social Security numbers, medical diagnoses and other information.

Information Source:
Dataloss DB

records from this breach used in our total:
187,000

April 11, 2005

Tufts UniversityBoston, Massachusetts

EDU

HACK

106,000

RuffaloCODY is the software management company.

The University's donor database was breached sometime in late 2004. The database was managed by a software company for nonprofit organizations named RuffaloCODY. Letters were sent to the alumni who may have had their personal information stolen.

Information Source:
Dataloss DB

records from this breach used in our total:
106,000

April 15, 2005

Polo Ralph Lauren, HSBCNew York, New York

BSR

HACK

180,000

Credit card data was stolen. Individuals holding the HSBC-issued General Motors Mastercard were told their cards should be replaced.

UPDATE(07/10/07): U.S. Secret Service
agents found Ralph Polo Lauren customers' credit card numbers in
the hands of Eastern European cyber thieves who created high-quality
counterfeit credit cards. Victims are from the U.S., Europe, Asia
and Canada, among other places, Several Cuban nationals in Florida
were arrested with more than 200,000 credit card account numbers.

Information Source:
Dataloss DB

records from this breach used in our total:
180,000

April 15, 2005

California Department of Health ServicesSacramento, California

GOV

PORT

21,600

A laptop containing the names, Social Security numbers, and medical information of Medi-Cal beneficiaries was stolen from the car trunk of an employee. The Department of Health Services began notifying beneficiaries in late May.

Information Source:
Dataloss DB

records from this breach used in our total:
21,600

April 20, 2005

TD AmeritradeOmaha, Nebraska

BSF

PORT

200,000

A backup tape was lost, stolen, or accidentally destroyed while being shipped. The tape contained account information from clients or former clients between the years of 2001 and 2003. Ameritrade notified the affected clients and offered one free year of credit protection services.

Information Source:
Dataloss DB

records from this breach used in our total:
200,000

April 21, 2005

Carnegie Mellon UniversityPittsburgh, Pennsylvania

EDU

HACK

19,000

The compromised information included Social Security numbers and grades from master's alumni classes 1997 through 2004, job offer information from master's alumni classes 1985 through 2004, contact information for all alumni, and Social Security numbers and grades from doctoral students enrolled between 1998 and 2004. Between 5,000 and 6,000 of those affected had their credit card information and Social Security numbers compromised. Emails and letters were sent to those who were affected.

Information Source:
Dataloss DB

records from this breach used in our total:
19,000

April 26, 2005

Michigan State University's Wharton Center East Lansing, Michigan

EDU

HACK

40,000

A hacker may have stolen the credit card information of visitors attending a performing arts venue. Warnings were sent to Wharton visitors who used their credit cards anytime between September of 2003 and the incident.

Information Source:
Dataloss DB

records from this breach used in our total:
40,000

April 26, 2005

Christus St. Joseph's HospitalHouston, Texas

MED

STAT

16,000

Two computers used for converting paper medical records into digital files were stolen. One of the computers contained Social Security numbers and medical records for hundreds of patients. Letters were sent to about 16,000 patients.

Information Source:
Dataloss DB

records from this breach used in our total:
16,000

April 28, 2005

Georgia Southern UniversityStateboro, Georgia

EDU

HACK

tens of
thousands (at least 20,000)

Hackers accessed a University server which contained thousands of credit card and Social Security numbers collected over three years. Students who received bookstore credit through scholarship or financial aid between the fall 2003 and spring of 2005 semesters, and anyone who made credit purchases at campus stores, stadium, or website are at risk. Email alerts were sent to students and alumni.

Note: location listed is the corporate headquarters of Bank of America, not necessarily where the breach occurred.

Bank employees illegally sold account information to someone posing as a collection agency. Customers affected were notified and received one year of free credit monitoring services.

Information Source:
Dataloss DB

records from this breach used in our total:
676,000

April 29, 2005

Oklahoma State UniversityStillwater, Oklahoma

EDU

PORT

37,000

A laptop used for student job placement seminars was lost or stolen. It contained the Social Security numbers of current and former students.

Information Source:
Dataloss DB

records from this breach used in our total:
37,000

May 2, 2005

Time Warner, Iron Mountain Inc.New York, New York

BSO

PORT

600,000

Backup tapes containing the personal information of current and former employees from as far back as 1986 was lost or stolen during shipping. An 800 number was set up to answer questions and provide free credit monitoring for one year.

UPDATE (5/3/2005): A contractor named Iron Mountain Inc. lost the tapes during shipping.

Information Source:
Dataloss DB

records from this breach used in our total:
600,000

May 4, 2005

Colorado Health DepartmentDenver, Colorado

GOV

PORT

1,600
(families)

A laptop containing Social Security numbers, medical records, family medical history, and addresses was stolen from an employee's car. The State Health Department is not monitoring the affected group and has only contacted some of the families involved.

Information Source:
Dataloss DB

records from this breach used in our total:
1,600

May 5, 2005

Purdue UniversityWest Lafayette, Indiana

EDU

HACK

11,360

Hackers accessed a program which contained University credit card information and the Social Security numbers of current and former employees. Letters were sent to employees and former employees.

Information Source:
Dataloss DB

records from this breach used in our total:
11,360

May 5, 2005

Arbella Mutual Insurance CompanyQuincy, Massachusetts

BSF

DISC

Unknown

The Massachusetts Registry of Motor Vehicles was the breached entity.

A customer discovered that he could view the Registry of Motor Vehicles database by visiting a website printed on the bottom of his insurance paperwork. He was able to look up people by name and then obtain their address, date of birth, license number, driving history and even their Social Security number most times. The company corrected the problem quickly. The company believes the error was temporary and that few outsiders were able to access the information.

Information Source:
Dataloss DB

records from this breach used in our total:
0

May 7, 2005

Department of JusticeWashington, District Of Columbia

GOV

PORT

80,000

The laptop was stolen from Omega World Travel of Fairfax, VA.

A laptop containing password protected names and travel account credit card information was stolen sometime between May 7 and May 9.

Information Source:
Dataloss DB

records from this breach used in our total:
80,000

May 11, 2005

Stanford UniversityStanford, California

EDU

HACK

9,900

The University's Career Development Center was hacked. This exposed the names, Social Security numbers, and other personal information of users. Names and credit card information for some employers that registered with the site were also in the database.

Information Source:
Dataloss DB

records from this breach used in our total:
9,900

May 12, 2005

Hinsdale Central High SchoolHinsdale, Illinois

EDU

HACK

2,400

Two students were accused of hacking into the School's computer system and stealing student and staff Social Security numbers. The students had the information for months before being caught. Letters were sent to affected families. The Social Security Administration and the Federal Trade Commission were also notified.

Information Source:
Dataloss DB

records from this breach used in our total:
2,400

May 14, 2005

Georgia Technology Authority (GTA)Atlanta, Georgia

GOV

INSD

465,000

A former computer programmer for Georgia Technology Authority downloaded state driver's license information which contained names, addresses, driver's license numbers, and in some cases Social Security numbers.

Information Source:
Dataloss DB

records from this breach used in our total:
465,000

May 16, 2005

Westborough BankWestborough, Massachusetts

BSF

INSD

750

A former employee who ran an investment program from 1998 to 2001 may have given Social Security numbers and account information to a convicted felon known for defrauding senior citizens. The bank mailed warning letters.

Information Source:
Dataloss DB

records from this breach used in our total:
750

May 18, 2005

Jackson Community CollegeJackson, Michigan

EDU

HACK

8,000

A hacker may have downloaded the passwords and Social Security numbers of employees and students. The College sent new, high security passwords to students and employees.

Information Source:
Dataloss DB

records from this breach used in our total:
8,000

May 18, 2005

University of Iowa Iowa City, Iowa

EDU

HACK

30,000

A computer containing credit card numbers and campus ID numbers for University Book Store customers was breached by a hacker.

Information Source:
Dataloss DB

records from this breach used in our total:
30,000

May 19, 2005

Valdosta State UniversityValdosta, Georgia

EDU

HACK

40,000

A computer server containing campus ID card information and Social Security numbers was hacked. The cards were designed to be used as debit cards by students and employees.

Information Source:
Dataloss DB

records from this breach used in our total:
40,000

May 27, 2005

Cleveland State UniversityCleveland, Ohio

EDU

PORT

44,420

A laptop containing personal information from applicants, current students, and former students was stolen from the University's admissions office. The information included Social Security numbers and addresses from as far back as 2001. Letters were sent to those affected.

UPDATE
(12/24/05):CSU
found the stolen laptop

Information Source:
Dataloss DB

records from this breach used in our total:
44,420

May 28, 2005

Merlin Information ServicesKalispell, Montana

BSO

INSD

5,875

An individual fraudulently obtained personal information about thousands of victims
from Merlin Information Services and used that information to commit
identity theft by opening up credit card accounts. He posed as a private investigator, thus giving Merlin the impression that he was a legitimate user of their services. He conducted at least 1,873 queries through the Merlin system to
obtain information on approximately 5,875 people.

Information Source:
Media

records from this breach used in our total:
5,875

May 30, 2005

MotorolaSchaumburg, Illinois

BSO

STAT

Unknown

Two computers were stolen from third party vendor Affiliated Computer Services (ACS). They had security safeguards and contained names and Social Security numbers of Motorola employees. Motorola notified affected staff by email and offered fraud insurance coverage.

Information Source:
Dataloss DB

records from this breach used in our total:
0

June 4, 2005

Duke University Medical CenterDurham, North Carolina

EDU

HACK

14,000 (No reports of full SSNs or financial information)

A hacker broke into the computer system, stealing thousands of passwords and fragments of Social Security numbers. Fourteen thousand affected people were notified, including 10,000 employees of Duke University Medical Center.

Information Source:
Dataloss DB

records from this breach used in our total:
0

June 6, 2005

Citigroup, UPSNew York, New York

BSF

PORT

3,900,000

Customers are being notified that backup tapes containing their account information were lost or stolen while being shipped by UPS.

Information Source:
Dataloss DB

records from this breach used in our total:
3,900,000

Breach Total

816,044,756 RECORDS BREACHED(Please see explanation about this total.)from 4,506 DATA BREACHES made public since 2005